Password cracking using chunk similarity

Textual password is one of the most important authentic means used in modern information systems and password cracking is an important means of measuring password strength. Recently, data-driven approaches are proposed in order to improve the efficiency and accuracy of the password guessing process. These methods usually train a model based on leaked password datasets so as to capture the internal patterns hidden behind the human created passwords, and most of them focus on the relationships between characters within a password. In this article, we emphasizes that the character relations between passwords need also to be considered. We treat a password as a sequence of chunks or segments, which is a small sub-string of the password and appears frequently in a password dataset. Instead of modeling the relations of chunks within a password, we proposed a method, which selects a seed password from a training set, breaks the seed password into chunks, and then generates new passwords by choosing a chunk and replacing it with another one according to their similarities. Several experiments are conducted on three password datasets so as to evaluate different aspects of the proposed approach. The results show that the proposed method is comparable with the state of the art approaches, such as PassGAN, DPG, FLA and PCFG v4.3, which is the latest version of PCFG. The results also revealed that chunk level relations between passwords play an important role in the process of password creation.